Existing deepfake audio detection methods exhibit insufficient robustness against generative adversarial attacks (e.g., GAN-based anti-forensic attacks). To address this, we propose SHIELD, the first framework integrating *defensive generative modeling* with *triplet collaborative learning*: an auxiliary defensive generator actively exposes latent forgery traces, while a triplet network jointly models the manifold relationships among bona fide audio, adversarially forged audio, and the original generator. By leveraging multi-source audio data for joint training, SHIELD achieves state-of-the-art detection accuracy—98.13%, 98.58%, and 99.57% on ASVspoof2019, In-the-Wild, and HalfTruth benchmarks, respectively—under matched adversarial attack conditions. Our approach significantly outperforms existing methods, demonstrating both superior accuracy and strong generalization across diverse attack types and unseen domains.

Audio plays a crucial role in applications like speaker verification, voice-enabled smart devices, and audio conferencing. However, audio manipulations, such as deepfakes, pose significant risks by enabling the spread of misinformation. Our empirical analysis reveals that existing methods for detecting deepfake audio are often vulnerable to anti-forensic (AF) attacks, particularly those attacked using generative adversarial networks. In this article, we propose a novel collaborative learning method called SHIELD to defend against generative AF attacks. To expose AF signatures, we integrate an auxiliary generative model, called the defense (DF) generative model, which facilitates collaborative learning by combining input and output. Furthermore, we design a triplet model to capture correlations for real and AF attacked audios with real-generated and attacked-generated audios using auxiliary generative models. The proposed SHIELD strengthens the defense against generative AF attacks and achieves robust performance across various generative models. The proposed AF significantly reduces the average detection accuracy from 95.49% to 59.77% for ASVspoof2019, from 99.44% to 38.45% for In-the-Wild, and from 98.41% to 51.18% for HalfTruth for three different generative models. The proposed SHIELD mechanism is robust against AF attacks and achieves an average accuracy of 98.13%, 98.58%, and 99.57% in match, and 98.78%, 98.62%, and 98.85% in mismatch settings for the ASVspoof2019, In-the-Wild, and HalfTruth datasets, respectively.